type: security
subject: Updated cfitsio packages fix security vulnerability
CVE:
 - CVE-2018-3846
 - CVE-2018-3848
 - CVE-2018-3849
src:
  6:
   core:
     - cfitsio-3.430-1.1.mga6
description: |
  CVE-2018-3846: Unsafe use of sprintf() can allow a remote unauthenticated
  attacker to execute arbitrary code
  CVE-2018-3848: Stack-based buffer overflow in ffghbn() allows for
  potential code execution
  CVE-2018-3849: Stack-based buffer overflow in ffghtb() allows for
  potential code execution
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24586
 - https://bugzilla.redhat.com/show_bug.cgi?id=1563915
 - https://bugzilla.redhat.com/show_bug.cgi?id=1568184
 - https://bugzilla.redhat.com/show_bug.cgi?id=1568189
ID: MGASA-2019-0133